Cast GET parameters to int and update SQL query

GET parameters 'id' and 'group_id' are now explicitly cast to integers in NotificationGroupController for improved type safety. Also, the SQL query in NotificationGroup model now includes GROUP BY and ORDER BY clauses when filtering by user_id, ensuring results are grouped and sorted by group name.
This commit is contained in:
Hosteroid
2025-10-20 17:48:35 +03:00
parent c59a4e2c5b
commit 111698cfed
2 changed files with 7 additions and 7 deletions


@@ -118,7 +118,7 @@ class NotificationGroupController extends Controller
public function edit() public function edit()
{ {
$id = $_GET['id'] ?? 0; $id = (int)($_GET['id'] ?? 0);
$group = $this->groupModel->getWithDetails($id); $group = $this->groupModel->getWithDetails($id);
if (!$group) { if (!$group) {
@@ -188,7 +188,7 @@ class NotificationGroupController extends Controller
public function delete() public function delete()
{ {
$id = $_GET['id'] ?? 0; $id = (int)($_GET['id'] ?? 0);
$group = $this->groupModel->find($id); $group = $this->groupModel->find($id);
if (!$group) { if (!$group) {
@@ -270,8 +270,8 @@ class NotificationGroupController extends Controller
public function deleteChannel() public function deleteChannel()
{ {
$id = $_GET['id'] ?? 0; $id = (int)($_GET['id'] ?? 0);
$groupId = $_GET['group_id'] ?? 0; $groupId = (int)($_GET['group_id'] ?? 0);
try { try {
$this->channelModel->delete($id); $this->channelModel->delete($id);
@@ -289,8 +289,8 @@ class NotificationGroupController extends Controller
public function toggleChannel() public function toggleChannel()
{ {
$id = $_GET['id'] ?? 0; $id = (int)($_GET['id'] ?? 0);
$groupId = $_GET['group_id'] ?? 0; $groupId = (int)($_GET['group_id'] ?? 0);
try { try {
$this->channelModel->toggleActive($id); $this->channelModel->toggleActive($id);
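Review bot: Casting `$id` and `$groupId` to int in deleteChannel and toggleChannel fixes the type but adds no authorization check: in both hunks the channel operation (`$this->channelModel->delete($id)` at the third-to-last line of the deleteChannel hunk, `toggleActive($id)` in the toggleChannel hunk) runs straight after the GET parameters are read, and `$groupId` is not consulted before it in the visible lines. Unless the channel model enforces ownership itself (not visible here), the channel acted on is selected purely by the caller-supplied `id`, so the guard should load the channel first, confirm it belongs to `$groupId` and that the group belongs to the current user, and return early otherwise — the same load-then-`if (!$group)` shape edit() and delete() already use with `getWithDetails`/`find`. A missing or non-numeric `id` now becomes `0` instead of the raw string, which is safer for the query but means `0` should be treated explicitly as "not supplied" rather than passed on. The bodies of all four methods in this section continue beyond the hunks, so the statements after the visible ones were not reviewed.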


@@ -29,7 +29,7 @@ class NotificationGroup extends Model
LEFT JOIN domains d ON ng.id = d.notification_group_id"; LEFT JOIN domains d ON ng.id = d.notification_group_id";
if ($userId && !$this->getUserModel()->isAdmin($userId)) { if ($userId && !$this->getUserModel()->isAdmin($userId)) {
$sql .= " WHERE ng.user_id = ?"; $sql .= " WHERE ng.user_id = ? GROUP BY ng.id ORDER BY ng.name ASC";
$stmt = $this->db->prepare($sql); $stmt = $this->db->prepare($sql);
$stmt->execute([$userId]); $stmt->execute([$userId]);
} else { } else {